A Way Reduce Signed Bitwise Differences that Transformed Into Same Modular Differences

A Way Reduce Signed Bitwise Differences that

Transformed Into Same Modular Differences

Xu ZiJie and Xu Ke

[email protected] [email protected]

Abstract. We study signed bitwise differences and modular differences. We find a way to reduce signed bitwise differences that can be transformed into same modular differences. In this way, it needs arithmetic difference. We establish one-one relationship between modular differences and arithmetic difference. And establish one-one relationship between signed bitwise differences and arithmetic difference. Then it will reduce signed bitwise differences that can be transformed into same arithmetic difference. In this paper, we design a construction with ways we find. Given modular differences, some signed bitwise difference is uniquely determined.

Keywords: Modular difference, Arithmetic difference, Signed Bitwise difference

1 Introduction

Biham and Shamir[1,2] proposed differential cryptanalysis, and differential cryptanalysis was success applied on some cryptosystems. Afterwards some different differences are proposed. The main differences include modular difference, signed bitwise difference[3], xor-difference. These differences have different advantage. They are used in different scheme.

In this paper, we will focus on modular difference and signed bitwise difference. By theorem 4.3 of Daum’s paper ‘Cryptanalysis of Hash Functions of the MD4-Family’ [5], to given signed bitwise difference the modular difference is uniquely determined. At the same time, there are some signed bitwise differences will be transformed into same modular difference. For example, signed bitwise differences (0,…,0,1) and (0,…,1,-1) will be transformed into modular difference 1. So the relationship of modular difference and signed bitwise difference is one-many relationship.

There are some constructions or functions have more feasible variable pairs satisfy given modular difference than satisfy given signed bitwise difference. Usual the feasible variable pairs satisfy given modular difference include feasible variable pairs satisfy signed bitwise differences transformed into given modular difference. Thus if it can reduce signed bitwise differences transformed into given modular difference, it will strong construction or function under modular difference.

and establish one-one relationship between arithmetic differences and modular differences. And we build a construction with these ways. Given modular difference, some signed bitwise difference will be uniquely determined.

In this paper, we will explain ways establish one-one relationship between different differences in section 2 and section 3, and then we will build a construction with these ways in section 4.

We will use follow notation:

Modular difference: △+x:=△+(x,x’):=(x-x’+2n_{) mod 2}n _(1.1) Arithmetic difference: △x:=△(x,x’):=x-x’ (1.2) Signed Bitwise difference:

△±x:=△±(x,x’):= (△±xn-1,…, △±x0) :=(xn-1-x’n-1,…, x0-x’0) (1.3) The + and - operation in section 2 and section 3 is normal addition and subtraction. And the + operation in section 4 is modular addition.

2 Arithmetic Differences and Modular Differences

In this section we will discuss transition between arithmetic difference and modular difference, and then we will show the way establish one-one relationship between arithmetic difference and modular difference.

2.1 Transform Arithmetic Difference into Modular Difference

By (1.1)(1.2), there exists:

△+x=(x-x’+2n_{) mod 2}n_{= (△x +2}n_{) mod 2}n _(2.1) Because there exists -2n_<△x<2n _{and 0<△}+_x<2n _{, thus:}































 

0

2

0

x

if

x

x

x

if

x

x

n (2.1.a)

By (2.1), it can transform given arithmetic difference into the sole modular difference. So there exists follow theorem

Theorem 2.1:

Given arithmetic difference, the modular difference is

uniquely determined.

2.2 Transform Modular Difference into Arithmetic Difference

To a given modular difference, by (2.1), it is known there are many arithmetic differences will satisfy (2.1). Because there exists -2n_<△x<2n _{and 0<△}+_x<2n_{. So the} follow arithmetic differences can be transformed into given modular difference:



































  

0

0

0

0

,

1

2

x

if

x

x

if

k

k

x

x

n

By (2.2), it can transform given modular difference into two arithmetic differences. One is bigger than 0, the other less than 0.

2.3 Establish one-one relationship between arithmetic difference and modular difference

When we study the transition of arithmetic difference and modular difference, we find that if change arithmetic difference, the change of modular difference will depend on arithmetic difference bigger than 0 or not. By (2.2), the modular difference can transform into the arithmetic difference bigger than 0 or less than 0. So it can change the arithmetic difference, and then determine the sign of arithmetic difference by how modular difference change, and then compute out the arithmetic difference by (2.2).

It can use shift right operation (SHR) to change arithmetic difference. Let there are two variable x, x1 satisfy:

x1= SHRr_{(x)=x>>r (2.3)} We just discuss the case r=1. If there is arithmetic difference △x≠0, then there exists:

△x1=x1-x1’=x>>1-x’>>1=(x-x’)/2=△x/2 (2.4) By (2.4), if △x1≠0, △x1 will has same sign with △x. So it can be divided into three cases:

1. △x1=0 and △x≠0 ==>△+x1=0 △x=±1

2. △x1>0 and △x≠0 ==>△x>0 ==> △+x =△x and △+x1 =△x1 3. △x1<0 and △x≠0 ==>△x<0≠0==> △+x =△x+2n _{and △}+_{x1 =△x1+2}n

Case 1: △x1=0 and △x≠0

By (2.1) and △x1=0, there exists △+x1=0 If △x>1 , there exists:

△x1≥1 (2.5) If △x<1 , there exists:

△x1≤-1 (2.6) By (2.5), (2.6) and △x≠0, there exists:

△x∈{1, -1} (2.7) By (2.1.a), there exists:

△+x∈{1, 2n-1} (2.8) Thus if △+x=1, by (2.2), there exists △x∈{1, 1-2n_{}. Thus by (2.7), if △}+_x1=0 and △+x=1, there exist:

△x∈{1, -1}∩{1, 1-2n_{}={1} (2.9)} If △+x=2n-1, by (2.2), there exists △x∈{-1,2n-1}. Thus by (2.7), if △+x1=0 and

△+x=2n_{-1, there exist:}

△x∈{1, -1}∩{-1,2n_{-1}={-1} (2.10)} Case 2: △x1>0 and △x≠0

By (2.1) and △x1>0, there exists △+x1≠0. By (2.4) and △x1>0,there exists △x>0. By (2.1.a), there exists:

Case 3: △x1<0 and △x≠0

By (2.1) and △x1<0, there exists △+x1≠0. By (2.4) and △x1<0,there exists △x<0. By (2.1.a), there exists:

(△+x-△+x1)×△x=(△x+2n -△x1-2n)×△x=(△x)2-△x/2×△x >0 (2.12) So to given modular difference (△+x,△+x1), by(2.9), (2.10), (2.11) and (2.12), it can compute △x follow:





































































  



  



 

 

)

0

)

1

((

)

0

1

(

2

)

0

)

1

((

)

0

1

(

)

1

(

)

0

1

(

1

)

1

2

(

)

0

1

(

1

x

x

and

x

if

x

x

x

and

x

if

x

x

and

x

if

x

and

x

if

x

n

n

(2.13)

By (2.13), there exists follow theorem:

Theorem 2.2:

If variable x1, x satisfy (2.3), Given modular difference

(

△+x,△+x1

), the arithmetic difference

△x

is uniquely determined.

3 Arithmetic Difference and Singed Bitwise Difference

In this section, we will discuss some characters about signed bitwise difference, and then we will expound a way establish one-one relationship between arithmetic difference and signed bitwise difference.

3.1 Singed Bitwise Difference

Let there are two different signed bitwise difference △±xa, △±xb satisfy:

△±xa2×k+1=△±xb2×k+1 k=0,1,…,n/2-1 (3.1) There exists follow lemma:

Lemma 3.1:

Given two signed bitwise difference

△

±

xa,

△

±

xb

.

There exists

△

±

xa

i

-

△

±

xb

i

∈

{-2,-1,0,1,2}

Proof:

Because △±xai,△±xbi∈{-1,0,1}, so there exists:

△±xai-△±xbi∈{-2,-1,0,1,2} □ Then there exists follow corollary:

Corollary 3.1:

Given different signed bitwise differences

△

±

xa,

△

±

xb

satisfy (3.1). If

△

±

xa≠

△

±

xb. Then there exists

△

xa≠

△

xb.

Proof:

To two different signed bitwise difference △±xa, △±xb there exists index I make:

△±xaI≠△±xbI

Let IMAX is the maximum index:

I

M A X

m a x{

i

|

xa

i

xb

i

}

 

_

_

By (3.1), there exists: IMAX mod 2=0 And



 _1





 _1

MAX

MAX I

I

xb

xa

If IMAX=0, there exists:

)

2

.

3

(

2

2

0

2

2

1 0 1 0 0 0 1 0 1 0









             































n i i i n i i i n i i i n i i i

xb

xa

xb

xa

xb

xa

If IMAX>0, there exists:









              









































2 0 0 1 0 1 0

2

)

(

2

)

(

2

)

(

2

2

MA X MA X MA X MA X MA X I i i i i I I I I i i i i n i i i n i i i

xb

xa

xb

xa

xb

xa

xb

xa

Let:



     

























2

0

(

)

2

2

2

)

(

1

MAX MAX MAX MAX I i i i i I I I

xb

xa

xb

xa

By lemma 3.1 and

MAX

MAX I

I

xb

xa





_

_



, there exists:

}

2

,

2

,

2

,

2

{

1





1



1



IMAX IMAX IMAX IMAX

}

2

,

2

,

2

,

2

{

1



1





1





IMAX IMAX IMAX IMAX

By lemma 3.1, there exists:

)

1

2

(

2

2

2

2

)

1

2

(

2

2

2

1 1 2 0 1 1 2 0





































        MA X MA X MA X MA X MA X MA X I I i i I i i I I i i I i i

Thus:



2



{



2

IMAX



1

,...,

0

,...,

2

IMAX



1

}

Because there exists:

















 

}

1

2

,...,

0

,...,

1

2

{

}

2

,

2

,

2

,

2

{

IMAX 1 IMAX IMAX IMAX 1 IMAX IMAX

Thus there do not exists △2 make



1





2



0

. So there exists:

0

2

1

2

2

1 0 1

0

























      n i i i n i i i

xb

xa

Thus:



_











_1







0 1

0

2

2

n i i i n i i i

xb

xa

(3.3)

By (3.2)(3.3), there exists:



_











_1







0 1

0

2

2

n i i i n i i i

xb

xa

△±xa2×k=△±xb2×k k=0,1,…,n/2-1 (3.4) There exists corollary:

Corollary 3.2:

Given different signed bitwise differences

△

±

xa,

△

±

xb

satisfy (3.4). If

△

±

xa≠

△

±

xb. Then there exists

△

xa≠

△

xb.

3.2 Establish one-one relationship between Arithmetic difference and Singed Bitwise Difference

Corollary 3.1 and 3.2 show it can transform two signed bitwise differences satisfy (3.1) or (3.4) into same arithmetic difference. We find some ways to create signed bitwise difference satisfy (3.1) or (3.4), we give out a way as follow:



 





/2

0 2

2

1

n

i i

x

x

(3.5) Then there exists follow corollary:

Corollary 3.3: Let x, x1 satisfy (3.5), to two given difference pair (△±x,△±x1) and (△±x’,△±x1’). If (△±x,△±x1)≠(△±x’,△±x1’), there exists:

(△x,△x1)≠(△x’,△_x1’) Proof:

x, x1 satisfy (3.5), then there exists:

x12×k+1=0 k=0,1,…,n/2-1 Then there exists:

△±x12×k+1≠△±x1’ 2×k+1=0 k=0,1,…,n/2-1 By corollary 3.1, it can divide this into two cases :

Case 1: △±x1≠△±x1’ => △x1≠△x1’ Case 2: △±x1=△±x1’ => △x1=△x1’ Case 1: △±x1≠△±x1’

By corollary 3.1, there exists △x1≠△x1’, thus:

(△x,△x1)≠(△x’,△x1’) (3.6)

Case 2: △±x1=△±x1’

Because x, x1 satisfy (3.5), thus there exists: x12×k≠x 2×k Thus:

△±x12×k =△±x2×k k=0,1,…,n/2-1

△±x1’2×k =△±x’2×k k=0,1,…,n/2-1 By △±x1=△±x1’, thus:

△±x1’2×k =△±x’2×k=△±x12×k =△±x2×k k=0,1,…,n/2-1 (3.7) By (△±x,△±x1)≠(△±x’,△±x1’), △±x1=△±x1’, there exists:

△±x≠△±x’ (3.8)

By (3.7), (3.8), corollary 3.2, there exists △x≠△x’, thus:

(△x,△x1)≠(△x’,△x1’) (3.9) By (3.6) and (3.9), if x, x1 satisfy (3.5) and (△±x,△±x1)≠(△±x’,△±x1’), there exists:

By corollary 3.3, if x, x1 satisfy (3.5), it can not transform different signed bitwise difference pair into same arithmetic difference pair. Thus the relationship between (△±x,△±x1) and (△x,△x1) is one-one relationship.

4. A Construction

In this section, we will build a construction that use ways that explained in section 2 and section 3. In the construction, given modular differences, some signed bitwise difference will be uniquely determined.

In this section, we will use addition model 2n_{. And the construction as follow:}

Fig 4.1 Construction I

The function F1 is some function be well analyzed. The construction take 4 n-bit words a1,b1,c1,d1 as input, and produce 4 n-bit words a2,b2,c2,d2 as output. To simplify analysis, we use variable x1,x2,x3,x4, and let:

      

 

 

  

1 2 4

1 2 3

1 2 2

1 1

d d x

c c x

b b x

a x

By fig 4.1, there exists:

     

 

 







_

1 3 4

1 1 2

2 1

3 /2

0

x x

x x

x

x n

i i

When given modular difference △+a1,△+b1,△+b2,△+c1,△+c2,△+d1,△+d2, there exists:

△+x1=△+a1

△+x2=△+c1-△+c2

△+x3=△+b1-△+b2

△+x4=△+d1-△+d2

By theorem 2.2 and x1,x2 satisfy (2.3), given modular differences △+x1,△+x2, the arithmetic differences △x1 is uniquely determined. By theorem 2.2 and x3,x4 satisfy (2.3), given modular differences △+x3,△+x4, the arithmetic differences △x3 is uniquely determined. By corollary 3.3 and x1,x3 satisfy (3.5), given arithmetic differences △x3,△x1, the signed bitwise difference △±x1,△±x3 are uniquely determined. Thus in the construction I, given the modular difference, the input signed bitwise difference of function F1 is uniquely determined.

F1

>>1 +

+

+ >>1



 /2 02

n i

i

a2 b2 c2 d2

a1 b1 c1 d1

x1 x2 _x3

When design a construction, there maybe some functions strong under arithmetic difference or signed bitwise difference, but weak under modular difference. Then it can use ways showed in fig 4.1 to strengthen the construction under modular difference.

5.

Conclusion

In this paper, we study some characters about modular difference, arithmetic difference, and signed bitwise difference. Then we give out the ways (2.3) and (3.5) to establish one-one relationship between arithmetic difference and singed bitwise difference and one-one relationship between arithmetic difference and modular difference. At section 4, we build a construction with (2.3) and (3.5). Given modular difference, some signed bitwise difference is uniquely determined. So it can use (2.3) and (3.5) to reduce some signed bitwise difference transformed into given modular difference in some construction.

References

[1] Eli Biham and Adi Shamir, Differential Cryptanalysis of DES-like Cryptosystems.in advances in Cryptology-Crypto’90, pp.2-21

[2]Eli Biham and Adi Shamir, Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology,1991,4(1):3-72

[3] Xiaoyun Wang; Hongbo Yu (2005). "How to Break MD5 and Other Hash Functions". EUROCRYPT. ISBN 3-540-25910-4.

[4] Berson, Thomas A. (1992). "Differential Cryptanalysis Mod 232 _with Applications to MD5". EUROCRYPT. pp. 71–80. ISBN 3-540-56413-6.